Intrusion Prevention

Apache.httpd.mod_http2.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in Apache HTTP Server.
The vulnerability caused by an error when the mod_http2 module handles a HTTP/2 request with crafted CONTINUATION frames. A remote attacker may be able to crash vulnerable web server via a HTTP request.

Affected Products

Apache HTTP Server 2.4.17 through 2.4.23

Impact

Denial of Service : Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://httpd.apache.org/security/vulnerabilities_24.html

CVE References

CVE-2016-8740